Handbook Talk:AMD64/Installation/Base

From Gentoo Wiki
Jump to: navigation, search
Note
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

True multilib needs modification in make.conf

Talk status
This discussion is done.

When installing selecting the multilib profile itself wasn't sufficient. I only got true multilib support after adding the follwing in make.conf. I think it's worth mentioning it upfront so that people wouldn't have to recompile @world

ABI_X86="64 32" 
No, this is not a good suggestion to make for all Gentoo users to read the Handbook. We recommend only setting enable abi_x86_32 as-needed on a per-package basis, not globally. As explained by Ben Kohler (iamben) , "if you enable ABI_X86="32" globally up front, you save a little bit of user configuration time up front but you waste a lot of compile time on every upgrade forever". Also, if this was set globally as you suggest, revising those packages later can cause headaches. Kind regards, --Maffblaster (talk) 19:30, 3 October 2016 (UTC)

Chroot on one line

Talk status
This discussion is done as of Jun 6 2015.

It would be imo convenient to have one-liner for the mounts before the chrooting, instead of five separate commands, so that one could easily copy-paste the one command to terminal and execute it in one take

I.e., instead of (or, placed after)

root #mount -t proc proc /mnt/gentoo/proc
root #mount --rbind /sys /mnt/gentoo/sys
root #mount --make-rslave /mnt/gentoo/sys
root #mount --rbind /dev /mnt/gentoo/dev
root #mount --make-rslave /mnt/gentoo/dev

there ought to be also

mount -t proc proc /mnt/gentoo/proc && mount --rbind /sys /mnt/gentoo/sys && mount --make-rslave /mnt/gentoo/sys && mount --rbind /dev /mnt/gentoo/dev && mount --make-rslave /mnt/gentoo/dev

--Renergy (talk) 19:39, 6 June 2015 (UTC)

Renergy, I can see that may be easier to copy and paste a one line command such as you posted above. Part of the purpose of the Handbook is to teach people how to install Gentoo Linux, not to make the install as fast as possible, which is why we have each command on a separate line. I will think about putting a one-liner like you suggest as a secondary option for people who are in a hurry. Sincerely, --Maffblaster (talk) 22:14, 21 December 2015 (UTC)

Potential security problem

Talk status
This discussion is still ongoing as of Jun 28 2015.

Going though the handbook normally leads you through getting the minimal .iso and stage 3 tarball over https, checking hashes and verifying with gpg. All good so far. Here, it tells users to run emerge-webrsync, without any warning that it defaults to using http - enabling a MITM attack. If I understand correctly, this is for downloading and setting up portage, while running as root. By default, emerge-webrsync does not verify gpg signatures, so at this point the system must be considered fundamentally insecure.

The user stanley on irc suggested using this procedure: https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Pulling_validated_Gentoo_ebuild_tree_snapshots - it should definitely be mentioned as an option at this stage, since doing it with an already insecure system at the later stage will make little difference.

Also, emerge-webrsync should default to using HTTPS.

--OliverUv (talk) 12:26, 28 June 2015 (UTC)

But this affects all arches, right? See Handbook_Talk:Parts/Installation/Base --Charles17 (talk) 17:43, 20 January 2016 (UTC)
Hm...I'll see what we can do about this upstream. It would be nice if the mirrors used HTTPS, but I'm not sure we have a good way of enforcing it. --Maffblaster (talk) 18:21, 18 November 2016 (UTC)
So, the good news is that current Gentoo minimal install images ship with a sufficiently modern Portage (>=2.3.42, with the rsync-verify USE flag set) such that for a vanilla rsync-based emerge --sync (under the recommended /etc/portage/repos.conf/gentoo.conf settings from the guide: sync-rsync-verify-metamanifest = yes etc.), signature verification with failure quarantine will be carried out.
The not so good news is that in this section of the handbook, it is still recommended first to carry out a vanilla emerge-webrsync, which for some mirrors anyway will use unauthenticated HTTP (e.g. http://trumpetti.atm.tut.fi/gentoo), and which does not (by default) signature verify the downloaded tree.
This is easy enough to work around though - just set sync-webrsync-verify-signature = true in the [gentoo] section of /etc/portage/repos.conf/gentoo.conf, temporarily set sync-type = webrsync in that file also (rather than sync-type = rsync) and then issue emaint sync --auto. This will do all the necessary signature updating etc and then download and verify the daily snapshot (NB - emerge-webrsync will complain if you try to directly invoke it with sync-webrsync-verify-signature = true set; you need to use emaint sync or emerge --sync). Then, once done, just flip back to using sync-type = rsync. This ensures all updates are validated, and doesn't mess the flow of the guide up too much. (I'm just in the process of switching over to recommending this workflow for my own EFI install guide, incidentally.) --Sakaki (talk) 13:33, 11 October 2018 (UTC)

Choosing profiles

Talk status
This discussion is still ongoing as of Oct 22 2015.

I believe profiles should be chosen after the initial reboot at least for amd64 and x86. Choosing a desktop profile, in particular, too early causes increased and unnecessary install time added to a user's experience.

I think it should be saved until the first reboot.

--Grknight (talk) 01:46, 22 October 2015 (UTC)

I will experiment on a virtual machine with this. My initial thoughts are that you're right. Rebuilding world after the profile selection is probably not a necessary part of the process. --Maffblaster (talk) 23:28, 1 February 2016 (UTC)
Also, the profile selection should be updated to 17.0, maybe with a little warning regarding 17.1 which got stabilized recently.--Charles17 (talk) 10:28, 27 December 2017 (UTC)

Update in progress... --Maffblaster (talk) 02:44, 28 April 2018 (UTC)

Add -qt5 USE flag

Talk status
This discussion is done as of May 13, 2017.

Let me quote: "gnome gtk -kde -qt4 will compile programs with GNOME (and GTK) support, and not with KDE (and Qt) support, making the system fully tweaked for GNOME (if the architecture supports it)."

Please add -qt5 to the previous sentence as well.

Fturco (talk) 15:25, 16 April 2017 (UTC)

Good suggestion. Consider it done. --Maffblaster (talk) 06:35, 14 May 2017 (UTC)

Will we need Section of "Mounting the boot partition"?

Talk status
This discussion is still ongoing as of May 13, 2017.

Hello, Operation of this section is already executed in section of "Preparing the disks".
Haven't we mounting /dev/sda2 on /boot already?

Kind regards, --Komainu8 (talk) 11:04, 13 May 2017 (UTC)

It depends on what install path you take. With this being said, the entire disk section(s) of the Handbook need a major reworking, so I would not be surprised if mounting is inconsistently noted here. I'll leave this open for now since no one is ready to work on fixing the disk section yet... --Maffblaster (talk) 06:39, 14 May 2017 (UTC)
It would be great to have such thing mentioned. --Wowpetr (talk) 09:25, 12 July 2017 (UTC)

Mounting the necessary filesystems

Talk status
This discussion is done as of July 25, 2017.

It is good to mention that if you interrupt the installation process at any stage later (e.g. by rebooting), you may need to mount these partitions again. --Wowpetr (talk) 09:25, 12 July 2017 (UTC)

Thanks for the tip. Your suggestion has been implemented! --Maffblaster (talk) 23:34, 25 July 2017 (UTC)

Entering the new environment

Talk status
This discussion is done as of July 25, 2017.

It is good to mention that if you interrupt the installation process at any stage inside chroot environment (e.g. by rebooting), you need to chroot again. --Wowpetr (talk) 09:39, 12 July 2017 (UTC)

Thanks for the tip. Your suggestion has been implemented! --Maffblaster (talk) 23:34, 25 July 2017 (UTC)

Warning about 17.x profiles

Talk status
This discussion is done as of April 27, 2018.

Please add a big warning before the profile selection instructions, to tell users not to use 17.0 or 17.1 profiles until they have read the corresponding news items and are prepared to follow the migration instructions.

Iamben (talk) 15:34, 29 December 2017 (UTC)

Done. --Maffblaster (talk) 02:39, 28 April 2018 (UTC)

Typo correction

Talk status
This discussion is still ongoing as of April 27, 2018.

Right at the bottom of the page, the line

root #env-update && source /etc/profile && export PS1="(chroot) $PS1"

should read

root #env-update && source /etc/profile && export PS1="(chroot) ${PS1}"

to properly maintain consistency with the previous command under Entering the New Environment

Redchillipadi (talk) 02:54, 27 April 2018 (UTC)

It looks that way to me, Redchillipadi . What's the exact link that you're seeing just $PS1? --Maffblaster (talk) 02:38, 28 April 2018 (UTC)

My browser says https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base PS1 is mentioned under Entering the new environment as ${PS1} and at the bottom under Configure Locales as $PS1 Redchillipadi (talk) 02:55, 28 April 2018 (UTC)

Remind the user to fat32 format the esp partition

Talk status
This discussion is still ongoing as of October 13, 2018.

I'm a new gentoo user but I guess it's not a bad thing to have a novice's view on how this guide is structured.

The thing I noticed, following the uefi route is that it would be better to get reminded further down again to format sda2 (the esp partition) as FAT32. It isnt mentioned at the appropriate place.

The first time doing this guide, I didn't notice that, ended up installing everything and then the bootloader setup failed because I had the esp as ext2 instead of fat32 (and wasn't able to fix it). Now I'm on my second try due to that.

[...]
root #mkfs.ext2 /dev/sda2
root #mkfs.ext4 /dev/sda4
Now create the filesystems on the newly created partitions (or logical volumes)."

It should be placed (or at least mentioned again) here.

AnukWolf (talk) 16:00, 13 October 2018 (UTC


Add instructions for bind mounting udev

Talk status
This discussion is still ongoing.

os-prober needs /run/udev to function properly and will hang indefinitely if it's not bind mounted from outside. Consider adding a line for bind mounting it from outside the chroot, or at least a small blurb under the mounting to say that other things might need to be mounted. See this section of the GRUB2 wiki page for details.

Remove command to create /boot

Talk status
This discussion is still ongoing as of January 1, 2019.

The /boot directory is already present in the stage3 tarball, so `mkdir /boot' can be removed. Also the paragraph just above needs to be adjusted slightly.

--Rafo (talk) 19:02, 1 January 2019 (UTC)